How To: Install IIS 10 and Windows Server 2022 Virtual Machine

Trying out Windows Server 2022 has never been easier thanks to VMware Workstation Pro and the Microsoft Evaluation Center. The Windows Server 2022 ISO file is free to download and install. While it initially installs with an evaluation license, you can activate it later with a valid license.

In this post, I’ll walk through installing Windows Server 2022 with IIS 10, setting up a local site, creating and installing a wildcard SSL certificate, and using Server Name Indication (SNI) which offers SSL scalability by hosting multiple SSL certificates on a single IP address.

Key Takeaways

  • All software is free to download
  • Select Desktop Experience during install to use GUI
  • Pick only the services you actually need
  • Lock down sites with authentication and certificates
  • IIS 10 SNI allows hosting multiple certificates with only 1 IP

System Requirements and Preparation

Download the Windows Server 2022 Installation ISO File

The Windows Server 2022 ISO file can be obtained directly from the Microsoft Evaluation Center. The file is about a 5 GB download, which should only take a few minutes depending on internet speed.

Installing VMware Workstation Pro on Windows 11

VMware Workstation Pro is also free to download and I use it quite a bit. When creating your VM, don’t point it directly at the ISO in the first step; instead, pick “I will install the operating system later”. Otherwise you’ll likely get an error about the license being invalid.

After the empty virtual machine has been created, mount the .iso file. Power it on, and when you see the “press any key” message, press any key. This will launch the familiar Windows Server installation process.

On the setup screen, there are a few editions. If you want a regular desktop interface, go with Desktop Experience. The other choice is command-line only, which is fine for hardcore admins but not most people.

Here’s the basic process:

  1. Create a new VM in VMware Workstation Pro.
  2. Pick manual install—skip any automated setup.
  3. Mount your Windows Server 2022 ISO to the VM.
  4. Boot from the ISO, kick off the installer.
  5. Select Desktop Experience for the GUI.
  6. Accept the license, pick Custom Install, and install to the empty drive space.

Setting Up and Configuring the Virtual Machine

Selecting Setup Preferences

With the VM off, select the path to the Windows Server 2022 ISO file. Once you’ve pointed to the ISO, power up the VM. When you see the “Press any key to boot from CD or DVD” prompt, just click inside the window and hit a key to get started.

Starting the Windows Server 2022 Installation

If you’ve ever installed Windows Server before, this process will look familiar. Accept the license terms, choose custom installation, and select Drive 0 Unallocated Space. The installer will do its thing, copying files and prepping everything.

Choose Desktop Experience

During install, you’ll see that more than one edition is available. Select the version with Desktop Experience. This is the one with a GUI. Unless you’re a PowerShell ninja, just pick that; it’s a lot more practical for most people.

Key Features of Windows Server 2022

Windows Server 2022 brings several enhancements over earlier versions. The main improvement is security: secured-core server capabilities with a hardware-based root of trust, and TLS 1.3 encryption support. Integration with Azure Arc provides hybrid cloud management, so you can monitor on-premises servers and cloud resources through a unified dashboard. Performance is improved through faster UDP and TCP handling and SMB compression, which automatically optimizes file transfer speeds. Nested virtualization is now available on AMD processors, which expands testing and development possibilities for virtualized environments. The updated Windows container images are smaller and offer enhanced Kubernetes functionality, which simplifies deploying containerized applications. Microsoft focused this release on three primary objectives: security enhancements, hybrid cloud management improvements, and performance optimization.

Key points:

  • Enhanced security: secured-core server capabilities integrate a hardware root of trust, with TLS 1.3 encryption for secure connection establishment.
  • Better Azure integration: Azure Arc lets you manage on-premises and cloud resources from a single central location.
  • Improved network performance: enhanced UDP/TCP handling and automatic SMB compression enable faster file transfers.
  • Nested virtualization on AMD processors: this was previously limited to Intel processors, so test environments can now be built with more flexibility.
  • Optimized container support: smaller Windows container images and enhanced Kubernetes integration make containerized application deployment more efficient.

Setting Up IIS 10

Enabling the Web Server Role with Server Manager

Open Server Manager to start the process of adding roles and features by selecting Add Roles and Features. Choose a role-based installation from the options and select your local server. Next, select Web Server (IIS) from the roles list and proceed with Add Features to confirm your selection. Follow the wizard instructions by selecting Install and wait for the process to complete. After the installation finishes you can exit Server Manager to proceed with the next steps.

Choosing Features and Role Services

When you’re selecting the various services, choose whatever you want for a dev environment. But in production, always follow best practices and remember that less is more. Only enable what you actually need. Unused features or services in production just provide a future attack vector.

Quick checklist:

  • Stick to essential services
  • Skip unneeded modules in production
  • Keep track of what you turn on

This keeps things tidy and easier to manage.
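
The checklist above as a script, added here as an example and not part of the original post: it installs only an allow-listed set of IIS role services, reports anything else that is installed, and keeps a record. The allow-list contents and the inventory path are assumptions for a static-content site.

```powershell
# Added example. Run in an elevated PowerShell session on the server.
# $Allowed is a constructed allow-list for a static-content site; edit it to match your needs.
$Allowed = @(
    'Web-Server', 'Web-WebServer', 'Web-Common-Http', 'Web-Default-Doc',
    'Web-Static-Content', 'Web-Http-Errors', 'Web-Health', 'Web-Http-Logging',
    'Web-Security', 'Web-Filtering', 'Web-Performance', 'Web-Stat-Compression',
    'Web-Mgmt-Tools', 'Web-Mgmt-Console'
)
$Inventory = 'C:\iis-feature-inventory.csv'   # hypothetical path for the record

# Install only what is on the list; features already present are left alone.
$Result = Install-WindowsFeature -Name $Allowed
if (-not $Result.Success) { throw 'Feature installation failed.' }

# Everything IIS-related that is currently installed.
$Installed = Get-WindowsFeature -Name 'Web-*' | Where-Object { $_.Installed }

# Anything installed but not on the allow-list is a candidate for removal.
$Extra = $Installed | Where-Object { $_.Name -notin $Allowed }
if ($Extra) {
    Write-Warning 'Installed IIS features that are not on the allow-list:'
    $Extra | Format-Table Name, DisplayName -AutoSize
    # To remove one after review: Uninstall-WindowsFeature -Name <FeatureName>
} else {
    Write-Output 'Installed IIS features match the allow-list.'
}

# Keep a dated record of what is turned on.
$Installed |
    Select-Object @{ n = 'Checked'; e = { Get-Date -Format s } }, Name, DisplayName |
    Export-Csv -Path $Inventory -NoTypeInformation -Append
```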

Setting Up a Secure Website in IIS

Adding a New Site

Jump into IIS Manager, right-click Sites, and pick Add Website. Fill in the site name, folder path, and host name. Hit OK—that’s it for the basics.

Setting Application Pool Security

Open your site’s properties and switch authentication from IUSR to ApplicationPoolIdentity. Double-check under Application Pools to make sure the identity’s right. Built-in accounts aren’t great for isolation, so avoid those.

Updating Folder Access Rights

Next go to your site’s root directory and remove any inherited permissions you don’t need, and then add the app pool identity user account manually:

IIS AppPool\<AppPoolName>

Your site should have just enough rights for it to work.

Editing Hosts File for Development Use

If you want to test locally, open up the hosts file at:

C:\Windows\System32\drivers\etc\hosts

Add a line pointing your host name to 127.0.0.1. Save it, and your browser will resolve that name locally to your VM, skipping DNS.
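
The four steps of this section (new site, app pool identity, folder rights, hosts entry) as one script. This is an added example, not the author's own code; the site, pool, host name and folder are constructed lab values, and the explicit Administrators/SYSTEM grants are an assumption about who else needs access once inheritance is removed.

```powershell
# Added example. Run elevated on the IIS server. All names are constructed lab values.
Import-Module WebAdministration

$SiteName = 'LabSite'
$PoolName = 'LabSitePool'
$HostName = 'lab.example.test'
$Root     = 'C:\inetpub\LabSite'

New-Item -ItemType Directory -Path $Root -Force | Out-Null

# Dedicated pool running as its own virtual account (IIS AppPool\LabSitePool).
New-WebAppPool -Name $PoolName | Out-Null
Set-ItemProperty "IIS:\AppPools\$PoolName" -Name processModel.identityType `
    -Value ApplicationPoolIdentity

New-Website -Name $SiteName -PhysicalPath $Root -HostHeader $HostName `
    -Port 80 -ApplicationPool $PoolName | Out-Null

# An empty userName makes anonymous requests run as the pool identity instead of IUSR.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name userName -Value ''

# Drop inherited ACEs and grant an explicit, minimal set.
# ${PoolName} needs braces: "$PoolName:" would be parsed as a drive-qualified variable.
icacls $Root /inheritance:r /grant:r `
    'BUILTIN\Administrators:(OI)(CI)F' `
    'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
    "IIS AppPool\${PoolName}:(OI)(CI)RX"

# Add the hosts entry only if the name is not already mapped.
$Hosts   = "$env:SystemRoot\System32\drivers\etc\hosts"
$Pattern = '\s' + [regex]::Escape($HostName) + '\s*$'
if (-not (Select-String -Path $Hosts -Pattern $Pattern -Quiet)) {
    Add-Content -Path $Hosts -Value "127.0.0.1`t$HostName"
}

# Verify: pool identity type, anonymous user (blank = pool identity), resulting ACL.
(Get-ItemProperty "IIS:\AppPools\$PoolName" -Name processModel).identityType
Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name userName | Select-Object -ExpandProperty Value
icacls $Root
```

The pool identity gets read and execute only; grant modify on a specific subfolder if the application has to write there.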

SSL Certificate Management

Creating a Wildcard Certificate Request

As a reminder, a wildcard certificate has a common name with * in it to allow the cert to be used for any subdomain. Creating a wildcard certificate for IIS is straightforward and is essentially the same process as a regular certificate. To get a wildcard certificate, just open IIS Manager at the server level and select Server Certificates. Click Create Certificate Request to launch the wizard. The common name needs an asterisk (like *.domain.com) so it’ll cover all your subdomains. That’s all you need to do.

Next, set the bit length to 2048, the minimum most SSL vendors allow, and then save the request as a text file. This file is what’s called a Certificate Signing Request. Upload this file to your SSL vendor.
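
A scripted equivalent of the wizard, added as an example and not taken from the original post: it builds the same wildcard request with the built-in certreq tool and prints the subject and key length before anything is sent to a vendor. The domain, the working folder and the non-exportable key setting are assumptions.

```powershell
# Added example. Run elevated: the key pair is created in the machine key store.
$CommonName = '*.example.test'                 # constructed lab domain
$WorkDir    = Join-Path $env:TEMP 'csr-lab'    # hypothetical working folder
$InfPath    = Join-Path $WorkDir 'wildcard.inf'
$CsrPath    = Join-Path $WorkDir 'wildcard.csr'

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
Remove-Item -Path $CsrPath -ErrorAction SilentlyContinue

# Single-quoted here-string so "$Windows NT$" is not expanded as a variable.
$Inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject       = "CN=__CN__"
KeyLength     = 2048
KeySpec       = 1
Exportable    = FALSE
MachineKeySet = TRUE
RequestType   = PKCS10
HashAlgorithm = sha256
'@.Replace('__CN__', $CommonName)

Set-Content -Path $InfPath -Value $Inf -Encoding ASCII

# Generates the key pair on this server and writes the request file.
certreq.exe -new $InfPath $CsrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Review what the vendor will see: the wildcard CN and the 2048-bit key.
certutil.exe -dump $CsrPath | Select-String -Pattern 'CN=', 'Public Key Length'
```

The private key never leaves the server; only the .csr file is uploaded.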

Adding the SSL Certificate

Once your signed certificate is ready, go to Complete Certificate Request in IIS Manager. Pick your cert file, give it a friendly name, and finish up.

Pro tip: While Personal is the default certificate store, Windows Server 2012 introduced a specialized Web Hosting certificate store designed specifically for certificate scalability, so use this store instead for better performance.
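
Binding a certificate from the Web Hosting store to a site with SNI, as an added example that is not part of the original post. It assumes the site LabSite already exists and that a wildcard certificate for the constructed domain example.test has been installed in the Web Hosting store.

```powershell
# Added example. Run elevated. Site and host names are constructed lab values.
Import-Module WebAdministration

$SiteName = 'LabSite'
$HostName = 'lab.example.test'

if (-not (Test-Path "IIS:\Sites\$SiteName")) { throw "Site '$SiteName' not found." }

# A wildcard covers exactly one label: *.example.test matches lab.example.test,
# but not example.test and not a.b.example.test.
$Wildcard = '*.' + ($HostName -split '\.', 2)[1]

# Newest unexpired certificate in the Web Hosting store that has a private key
# and lists either the exact host name or the matching wildcard.
$Cert = Get-ChildItem Cert:\LocalMachine\WebHosting |
    Where-Object {
        $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
        ($_.DnsNameList.Unicode -contains $HostName -or
         $_.DnsNameList.Unicode -contains $Wildcard)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $Cert) { throw "No usable certificate for $HostName in the Web Hosting store." }

# SslFlags 1 = require Server Name Indication, so the binding is keyed on
# host name and port rather than on IP address and port.
New-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName -SslFlags 1

$Binding = Get-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName
$Binding.AddSslCertificate($Cert.Thumbprint, 'WebHosting')

# Verify: the entry is listed by host name and points at the WebHosting store.
netsh http show sslcert "hostnameport=${HostName}:443"
Get-WebBinding -Name $SiteName -Protocol https |
    Select-Object protocol, bindingInformation, sslFlags
```

Repeat with a different host name and certificate on another site to host several certificates on the same IP address.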

In Summary

Trying out Windows Server 2022 and IIS 10 in a virtual machine is easy and straightforward. Sandbox environments are great for testing a few features, but always remember to only use what’s required in production to minimize potential vulnerabilities. When setting up a new website in IIS, always isolate it with the appropriate application pool identity and apply the principle of least privilege to file and folder permissions. Thanks for reading!
Peter Viola

Creative, customer focused, results oriented, Senior Web Systems Engineer who enjoys providing the highest level of customer service supporting complex Windows hosting solutions. MCITP, MCSA, MCTS
